aurora-issues mailing list archives

From "Joshua Cohen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AURORA-1755) Mounts created by executor when using filesystem isolation are leaking to the host filesystem's mtab
Date Sat, 27 Aug 2016 18:06:20 GMT

    [ https://issues.apache.org/jira/browse/AURORA-1755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15441991#comment-15441991 ]

Joshua Cohen commented on AURORA-1755:
--------------------------------------

This seems strange to me. I've confirmed that the mount namespace *is* different for
the host and the running executor:

From the host:
{noformat}
$ stat /proc/self/ns/mnt
  File: ‘/proc/self/ns/mnt’ -> ‘mnt:[4026531840]’
  Size: 0         	Blocks: 0          IO Block: 1024   symbolic link
Device: 3h/3d	Inode: 857041      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: ( 1000/ vagrant)   Gid: ( 1000/ vagrant)
Access: 2016-08-27 17:36:10.392088064 +0000
Modify: 2016-08-27 17:36:10.392088064 +0000
Change: 2016-08-27 17:36:10.392088064 +0000
 Birth: -
{noformat}

From the executor before it does any mounting:
{noformat}
  File: '/proc/self/ns/mnt' -> 'mnt:[4026532188]'
  Size: 0               Blocks: 0          IO Block: 1024   symbolic link
Device: 3h/3d   Inode: 855981      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-08-27 17:31:15.252090817 +0000
Modify: 2016-08-27 17:31:15.252090817 +0000
Change: 2016-08-27 17:31:15.252090817 +0000
 Birth: -
{noformat}

And from a process in the task (i.e. something launched by mesos-containerizer in the isolated
filesystem):
{noformat}
  File: '/proc/self/ns/mnt' -> 'mnt:[4026532189]'
  Size: 0         	Blocks: 0          IO Block: 1024   symbolic link
Device: 3h/3d	Inode: 856914      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: ( 1000/ vagrant)   Gid: ( 1000/ vagrant)
Access: 2016-08-27 17:31:19.140090780 +0000
Modify: 2016-08-27 17:31:19.140090780 +0000
Change: 2016-08-27 17:31:19.140090780 +0000
 Birth: -
{noformat}

The value in the brackets after 'mnt' is the namespace, so on the host it's 4026531840, for
the executor it's 4026532188 and for the launched process it's 4026532189.

> Mounts created by executor when using filesystem isolation are leaking to the host filesystem's mtab
> ----------------------------------------------------------------------------------------------------
>
>                 Key: AURORA-1755
>                 URL: https://issues.apache.org/jira/browse/AURORA-1755
>             Project: Aurora
>          Issue Type: Bug
>          Components: Executor
>            Reporter: Joshua Cohen
>
> {noformat}
> $ cat /etc/mtab |grep /var/lib/mesos |wc -l
> 432
> {noformat}
> In theory this should not be happening, because the executor should be running in its own mount namespace. In practice... something is awry. Should talk to Mesos folks to see what's going on, but we have a few easy solutions regardless:
> add the -n flag to the mount command to not create the mtab entry.
> run the mount commands through mesos-containerizer launch's --pre-exec which will create the mount in the isolated filesystem's namespace.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
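
A check that follows from the namespace comparison above, as an added example (not part of the original message and not Aurora or Mesos code): it parses the `mnt:[...]` link targets and lists `/etc/mtab` entries under a prefix that have no matching mount in a given `/proc/<pid>/mountinfo`, which separates a mount actually visible in the host namespace from a line that only exists in the mtab file. It assumes `/etc/mtab` is a regular file rather than a symlink to `/proc/mounts`; the function names are hypothetical, and the sample data and the `EXAMPLE-SANDBOX` path are constructed.

```python
import re

_NS = re.compile(r"^mnt:\[(\d+)\]$")
_OCT = re.compile(r"\\([0-7]{3})")


def mnt_ns_id(link_target):
    """Parse a /proc/<pid>/ns/mnt link target such as 'mnt:[4026531840]'."""
    m = _NS.match(link_target.strip())
    if m is None:
        raise ValueError("not a mount namespace link: %r" % link_target)
    return int(m.group(1))


def _unescape(field):
    # mtab and mountinfo encode space, tab, newline and backslash as octal escapes.
    return _OCT.sub(lambda m: chr(int(m.group(1), 8)), field)


def mountinfo_targets(text):
    """Mount points visible in one namespace (5th field of mountinfo)."""
    return {_unescape(l.split()[4]) for l in text.splitlines() if l.strip()}


def mtab_only_entries(mtab_text, mountinfo_text, prefix):
    """mtab mount points under prefix with no live mount in mountinfo."""
    live = mountinfo_targets(mountinfo_text)
    out = []
    for line in mtab_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # blank or malformed line
        target = _unescape(fields[1])
        under = target == prefix or target.startswith(prefix + "/")
        if under and target not in live:
            out.append(target)
    return out


# Constructed sample data; EXAMPLE-SANDBOX is a placeholder path.
SAMPLE_MTAB = """\
/dev/sda1 / ext4 rw 0 0
proc /var/lib/mesos/EXAMPLE-SANDBOX/taskfs/proc proc rw 0 0
/dev/sda1 /var/lib/mesos/EXAMPLE-SANDBOX/taskfs/mnt/my\\040dir ext4 rw 0 0
"""
SAMPLE_HOST_MOUNTINFO = """\
19 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
20 19 0:3 / /proc rw,nosuid shared:2 - proc proc rw
"""

if __name__ == "__main__":
    print(mnt_ns_id("mnt:[4026531840]") != mnt_ns_id("mnt:[4026532188]"))
    for t in mtab_only_entries(SAMPLE_MTAB, SAMPLE_HOST_MOUNTINFO, "/var/lib/mesos"):
        print("in mtab but not mounted in this namespace:", t)
```

On a real host, pass the contents of `/etc/mtab` and `/proc/1/mountinfo`; an empty result means every mtab entry under the prefix is a mount the host namespace can see.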
